AES Encryption
Porting from PHP to Yii

I am very new to Yii, but very excited about all the possibilities I see.

I am building an application where several of the fields require encryption (social security number, etc.). In my old, procedural PHP code, I was able to do this when extracting an encrypted field value from MySQL to display in a form:

AES_DECRYPT(insuranceSubscriberSSN,'$key_string') as insuranceSubscriberSSN

I have looked through the documentation and the forums but have not found a good example of how this works (at least, one that I can understand).

I would very much appreciate some guidance and examples of the best ways to encrypt and decrypt a couple of fields.

If you do a manual query using the same vars, do you get a result then? And if you replace AES_DECRYPT with AES_ENCRYPT, is it returning something? If so, the php code works, but there is something wrong with mysql. I'm not familiar with the AES_ functions so I'm not sure how it behaves.

It might help to configure a CProfileLogRoute (guide: logging) and to set your DB-connection's "enableProfiling" attribute to true (guide: db). You should then see the queries that are executed during each request at the bottom of your page. Maybe it helps to find out what's going wrong.

SELECT AES_DECRYPT(clientSocialSecurity,'C3yZ)pO|RgP|IaBuCT') as encoded FROM `clients` `t` WHERE `t`.`Id` IS NULL LIMIT 1

This is making all the records disappear and the pages throw errors.

So, there's something wrong with how I'm using the code. I guess what I'm missing is how that function gets called (perhaps by default?). Either way, it's not returning anything, and it's also making the other information on the page disappear.

I've just read through and I'm not seeing anything obvious, it might help just to post your client model class, the action function that you're using to view it and the view it's displayed in. At least we can then move things around to try, as the chances of you misinterpreting where to put things is more likely than something actually breaking and AR can be a bit temperamental when you're doing custom selects and aliasing.

P.S
I've not done much with encrypting database fields so this is only a query, but is it really the best way to encrypt sending the raw data over to the DB to do the encryption and decryption? I always assumed it was better PHP side as there's never any transfer of unsecured data?

I didn't know about scopes when I had to solve this exact same problem, so I did what the previous post suggests. I.e., compute the variable in the afterFind() method of the model class. Importantly, you must also remember to AES-encrypt it in the beforeSave() method.

The other difference in my implementation is that I wrote AES-encrypt and decrypt functions which are compatible with MySQL AES_ENCRYPT/AES_DECRYPT, whereas the previous solution relies on the openssl library for encryption.
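An added example (not part of the original thread, and not the poster's code) of what "compatible with MySQL AES_ENCRYPT/AES_DECRYPT" involves on the PHP side. It assumes the server's default block_encryption_mode (aes-128-ecb) and PHP's openssl extension; the function names, key string and SSN are constructed for illustration.

```php
<?php
// Added example: PHP equivalents of MySQL AES_ENCRYPT()/AES_DECRYPT() in the
// default aes-128-ecb mode. Names, key and SSN below are constructed samples.

// MySQL folds a key string of any length into 16 bytes: start with 16 zero
// bytes and XOR key byte i into position i % 16.
function mysql_aes_key(string $key): string
{
    $folded = str_repeat("\0", 16);
    for ($i = 0, $n = strlen($key); $i < $n; $i++) {
        $folded[$i % 16] = $folded[$i % 16] ^ $key[$i];
    }
    return $folded;
}

function mysql_aes_encrypt(string $plaintext, string $key): string
{
    // Raw output with the default PKCS#7 padding, matching what AES_ENCRYPT() stores.
    $ct = openssl_encrypt($plaintext, 'aes-128-ecb', mysql_aes_key($key), OPENSSL_RAW_DATA);
    if ($ct === false) {
        throw new RuntimeException('AES encryption failed');
    }
    return $ct;
}

function mysql_aes_decrypt(string $ciphertext, string $key): ?string
{
    $pt = openssl_decrypt($ciphertext, 'aes-128-ecb', mysql_aes_key($key), OPENSSL_RAW_DATA);
    // AES_DECRYPT() yields NULL on invalid data or padding; mirror that here.
    return $pt === false ? null : $pt;
}

$key = 'constructed sample key, longer than 16 bytes';
$ssn = '000-00-0000';
$ct  = mysql_aes_encrypt($ssn, $key);

// Compare this hex string with: SELECT HEX(AES_ENCRYPT('000-00-0000', '<same key>'));
echo strtoupper(bin2hex($ct)), PHP_EOL;
// Round trip back to the plaintext.
var_dump(mysql_aes_decrypt($ct, $key) === $ssn);
// ECB is deterministic: encrypting the same SSN again gives identical bytes.
var_dump(mysql_aes_encrypt($ssn, $key) === $ct);
```

Calling these from beforeSave() and afterFind() keeps the key and the plaintext out of the SQL text, so neither shows up in profiled query output like the SELECT quoted earlier in the thread. Because ECB is deterministic, two rows holding the same SSN will hold the same ciphertext.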

*Any* class that you place in protected/components will be available for use by your application.
(The rule is, the filename must match the name of the class it contains. So, as a rule of thumb, don't define more than one class per file.)

So, place the file in "protected/components", and call it Globals.php.
No need for pesky require() statements!

That globals.php doesn't really blend in with Yii's design. You can put the key into the param-stanza of your config/main.php and fetch it later via Yii::app()->params['secretKey']. The methods were best off in a behaviour. Just saying

programmer /ˈprəʊgramə/, noun: a device that converts ►coffee into ►code

Hey, I'm always trying to do things the "best practices" way. But I'm confused. I use params for little things like, "adminEmail". What does it mean to make a *class* into a parameter? Did you mean, instead, that Globals.php should be made into an application *component*? If I did that, I could indeed access functions in "Globals.php" via Yii::app()->globals.
Confused.

Hm, I didn't intend to make the Globals class into a param or a component. I'd rather scrap it entirely and take the key into the application's config (where it belongs, IMHO) and stash away the encryption and decryption functionality into a behaviour that can easily be attached to multiple models.

Ah, almost forgot: There's the CSecurityManager class that can take care of en- and decryption as well. In fact, it wraps around PHP's mcrypt extension, so it's close to Emily's solution. Sorry, but I use that class so rarely, I forgot all about it

Okay, I think I follow.
I agree that "key", stuffed into Globals.php, is pure laziness on my part; it should be an application param.
I'll read up on behaviors...haven't used them yet, thanks!
Em

So, if I run the "encrypt" method of CSecurityManager with a string and a key, will it give me the same result as running MySQL's AES_ENCRYPT with the same string and key? Lacking that was why I rolled my own in "Globals".